Airflow · Airflow · CVE-2026-32228
**Name of the Vulnerable Software and Affected Versions**
Airflow versions prior to 3.2.0
**Description**
A user with asset materialize permission via the UI or API can trigger DAGs (Directed Acyclic Graphs, which are collections of all the tasks you want to run, organized in a way that reflects their relationships) to which they do not have access.
**Recommendations**
Update to version 3.2.0.